Security Issues in Mobile Technology

Presented by: Parmar Pallavi [112343], Solanki Urmi [112324]

In any defense system, we need to know our enemy. To build an information security system, we need to answer the following questions:
1) Who is the enemy?
2) What are the weak links in the system?
3) What needs special protection?
4) To protect our assets from attack, we need to build a security system. How much does the security system cost in terms of money, resources and time?

Information Security

Attack

A security system is a system to defend our assets from attacks. In the physical world, these attacks are carried out at the weak point in the defense system.

Loss can be of either:
1. Static information asset (static asset).
2. Dynamic asset.

Static assets cover a large portion of the asset base. All the databases, files, documents etc. in the computer fall in this category. Examples of attacks on a static asset are a virus deleting files in a computer or jamming a network.

Example of an attack on a dynamic asset is the theft of a credit card number while a user is doing a credit card transaction on the web.

Interception:- An unauthorized party gaining access to an asset is part of this attack. This is an attack on confidentiality, like unauthorized copying of files or tapping a conversation between parties.

Modification:- An unauthorized party gaining control of an asset and tampering with it is part of this attack. This is an attack on integrity, like changing the content of a message being transmitted through the network.

Attacks on a dynamic asset can be of the following types:

Fabrication:- An unauthorized party inserts counterfeit objects into the system. For example, impersonating someone and inserting a spurious message in the network.

Interruption:- An asset is destroyed or made unusable. This is an attack on availability. This attack can be on a static asset or a dynamic asset. An example could be cutting a communication line or making the router so busy that a user cannot use a server in a network.

For centuries, information security was synonymous with secrecy. The art of keeping a message secret was to encrypt the message and thus hide it from others. The components of information security are as follows:
1) Confidentiality
2) Availability
3) Integrity
4) Non-repudiation
5) Authorization
6) Trust
7) Accounting

Confidentiality (privacy):- is the property where the information is kept secret so that an unauthorized person cannot get at the information.

Integrity:- Integrity is to ensure that the message is not altered.

Authorization:- It deals with privileges (authority). In any transaction, there is a subject (a person) and an object (data items or a file). The subject wants some function to be performed on the objects.

Availability (obtainment):- Media management is not within the scope of security protocols and algorithms. Media management is needed to ensure availability of service.

Trust:- Trust-based security management is necessary. Trust involves developing a security policy, assigning credentials (identity card) to entities, and verifying that the credentials fulfill the policy.

Accounting:- It is the process by which the usage of the service is metered. Based upon the usage, the service provider collects the fee either directly from the customer or through the home network.

In symmetric key cryptography, the same key is used for both encryption and decryption. This is like a lock where the same key is used to lock and unlock. In this type of encryption, the key is secret and known only to the encrypting (sender) and decrypting (receiver) parties. Therefore, it is also known as a secret key algorithm. Some authors refer to symmetric key cryptography as shared key cryptography, because the same key is shared between the sender and the receiver of the message.

In symmetric cryptography, there are four components:
1) plaintext,
2) encryption/decryption algorithm,
3) secret key (key for encryption and decryption),
4) ciphertext.

The most popular symmetric key algorithms are:
1) DES: Data Encryption Standard. This algorithm is the most widely used and researched and has had the longest life so far.
2) 3DES: This is a modification of DES. In this algorithm, DES is used 3 times in succession.
3) AES: Advanced Encryption Standard. This is the currently accepted standard for encryption by FIPS (Federal Information Processing Standards) of the USA.
4) Skipjack: This is a token-based algorithm used by defense personnel in the US.

In symmetric key encryption we use the same key for both encryption and decryption. In public key cryptography we use different keys: one key for encryption and a different key for decryption. As two different keys are used, this is also called asymmetric key cryptography. Public key cryptosystems are based on mathematical functions rather than permutation and substitution.

There are six components:
1) Plaintext:- This is the human readable message or data given to the public key algorithm as input for encryption.
2) Ciphertext:- This is unique data that depends only on the unique key used for encryption.
3) Encryption algorithm:- This is the algorithm that does computation and various transformations on the input plaintext.
4) Decryption algorithm:- This algorithm does the reverse function of the encryption algorithm.
5) Public key:- This is one of the keys from the key pair. This key is made public for anybody to access. This key is used for either encryption or decryption.
6) Private key:- This is called the private key because the key is secret.

Hash functions are one-way functions used for message digests. A hash function takes input data of any size and gives output of a fixed size. The outputs are collision (clash) free. This means that two different inputs will not produce the same output. The most commonly used hash functions are MD5 and SHA-1.

MD5

MD5 stands for Message Digest version 5. The MD5 algorithm is an extension of the MD4 message-digest algorithm and is slower than MD4. The algorithm processes the input message in 512-bit blocks.

SHA Algorithm

SHA stands for Secure Hash Algorithm. It was developed by NIST (National Institute of Standards and Technology). SHA was first published in 1993. Later, in 1995, a revised version of the algorithm was published as SHA-1. SHA processes input in 512-bit blocks and produces 160 bits of output. Like MD5, SHA-1 is also based on the MD4 algorithm.

MAC stands for Message Authentication Code. It is used to check the integrity of the message. A secret key is used to generate a small fixed-size data block from the message. Both the sender and the receiver share the same secret key for the MAC. When the sender has a message to be sent to the receiver, the message is sent along with the MAC. The receiver receives the message and calculates the MAC from the message and the shared key. The receiver compares it with the MAC received from the sender. If they are the same, the message is considered to be in perfect state.
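The MAC exchange described above, together with the fixed-size output property from the hash slides, as an added example that is not code from the slides: HMAC-SHA-256 is this example's choice of MAC construction (the slides describe the MAC generically), and the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demo; they are not from the slides.
SHARED_KEY = b"constructed-shared-secret-key"
MESSAGE = b"TRANSFER 100 TO ACCOUNT 42"
TAMPERED = b"TRANSFER 900 TO ACCOUNT 42"   # one digit changed in transit


def make_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: derive the fixed-size MAC from the message and the shared key.
    HMAC-SHA-256 is this example's choice; the slides describe the MAC generically."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver side: recompute the MAC with the shared key and compare it with the
    tag that arrived. compare_digest runs in constant time, so the comparison
    does not reveal how many leading bytes of the tag were right."""
    return hmac.compare_digest(make_mac(key, message), received_tag)


def unkeyed_check(message: bytes, received_digest: bytes) -> bool:
    """Integrity check using a plain SHA-1 digest (160 bits, as on the slides)
    with no secret key. Shown only to contrast with the keyed MAC."""
    return hmac.compare_digest(hashlib.sha1(message).digest(), received_digest)


def demo() -> dict:
    """Run the sender/receiver exchange and return what the receiver decides."""
    tag = make_mac(SHARED_KEY, MESSAGE)               # sent alongside MESSAGE
    return {
        # A hash or MAC output has a fixed size regardless of the message length.
        "sha1_bits": len(hashlib.sha1(MESSAGE).digest()) * 8,   # 160
        "mac_bits": len(tag) * 8,                               # 256 for HMAC-SHA-256
        # Genuine message with the genuine tag is accepted.
        "genuine_accepted": verify_mac(SHARED_KEY, MESSAGE, tag),
        # A modified message no longer matches the tag: modification is detected.
        "tampered_accepted": verify_mac(SHARED_KEY, TAMPERED, tag),
        # A party without the shared key cannot produce a tag the receiver accepts.
        "wrong_key_accepted": verify_mac(b"some-other-key", MESSAGE, tag),
        # With an unkeyed hash, whoever alters the message can also recompute a
        # matching digest, so the receiver accepts it: this is why a MAC needs a key.
        "unkeyed_hash_accepts_tampered": unkeyed_check(
            TAMPERED, hashlib.sha1(TAMPERED).digest()),
    }
```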

Security Protocol

We need to devise protocols that will use these algorithms in such a fashion that vulnerabilities are eliminated and security is ensured.

There are many protocols for secured communication.

The most popular protocol is SSL(Secure Socket Layer).

SSL was originally developed by Netscape.

The Internet standards for TLS (Transport Layer Security) and WTLS (Wireless Transport Layer Security) have been derived from the SSL protocol.

Secure Socket Layer (SSL)

The SSL protocol is used to provide security of data over public networks like the Internet. It runs above the TCP/IP protocol layer and below higher level protocols such as HTTP.

SSL allows both machines (server and client) to establish a secured encrypted channel.

• Public-key encryption provides better authentication techniques.

• Symmetric key encryption is much faster than public key encryption.

• An SSL session begins with the SSL handshake.

• The SSL handshake allows the server to authenticate itself to the client using public-key techniques.

• The SSL handshake also allows the client to authenticate itself to the server.

• It then allows the client and server to cooperate in the creation of a symmetric key.

• It then uses this shared key for payload encryption, decryption and tamper detection in the session that follows.

TLS

Transport Layer Security, or TLS in short, is a security protocol offering secure communication at the transport layer.

The TLS protocol is the Internet standard and is based on the SSL 3.0 protocol specification.

The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications.

At the lower levels, TLS uses the TCP transport protocol. The TLS protocol is composed of two layers: the TLS Handshake Protocol and the TLS Record Protocol.

WTLS

o The transport layer security protocol in the WAP architecture is called Wireless Transport Layer Security.

o WTLS provides functionality similar to TLS 1.0 and incorporates new features such as datagram support, optimized handshake and dynamic key refreshing.

o The WTLS layer operates above the transport protocol layer, similar to TLS.

o WTLS provides an interface for creating and terminating secure connections.

o The primary goal of the WTLS layer is to provide data integrity and authentication between two communicating applications.

Thank You